General
Target: 8c6262f069daf29e9f3b13f128119aa0881ad00f3eaae89527a26b432424a596
Size: 544KB
Sample: 230323-17lyfsae45
MD5: 0560058ae89d06f40a101e2a0ede65ec
SHA1: 5f41ce17e95cefda4b8ec2016c0a6fd3664eb478
SHA256: 8c6262f069daf29e9f3b13f128119aa0881ad00f3eaae89527a26b432424a596
SHA512: 9dba3d148e9d73c8e417b82486c54e8b66d5450968ec896989972f138b83261ca5885c89d5439bd53cdd12dac746bce56ed874dc1712f10bfb02b4b5f9a25559
SSDEEP: 12288:DMriy90msxgi94l4ZbpHvMoUgRZpWsvqjT7nN7oqmdcI3zJY4p+F:9yB8GqzRUwvMRErdcAzuF
Static task: static1

Behavioral task: behavioral1
Sample: 8c6262f069daf29e9f3b13f128119aa0881ad00f3eaae89527a26b432424a596.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 8c6262f069daf29e9f3b13f128119aa0881ad00f3eaae89527a26b432424a596.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline, down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline, real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 8c6262f069daf29e9f3b13f128119aa0881ad00f3eaae89527a26b432424a596
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.